Microsoft Security Assessment Tool (MSAT)

A new version of MSAT – Microsoft Security Assessment Tool slipped through the radar, version 3 SP1 was released back in June of this year!

This tool seems to get very little attention or media for some reason, here is a quick overview of the tool and some handy links. The best thing is this tool is FREE!

The Microsoft Security Assessment Tool (MSAT) is a free tool designed to help organizations like yours assess weaknesses in your current IT security environment, reveal a prioritized list of issues, and help provide specific guidance to minimize those risks. MSAT is an easy, cost-effective way to begin strengthening the security of your computing environment and your business. Begin the process by taking a snapshot of your current security state, and then use MSAT to continuously monitor your infrastructure’s ability to respond to security threats.

MSAT provides:

  • Easy to use, comprehensive, and continuous security awareness
  • A defense-in-depth framework with industry comparative analysis
  • Detailed, ongoing reporting comparing your baseline to your progress
  • Proven recommendations and prioritized activities to improve security
  • Structured Microsoft and industry guidance

Official Web Page
FAQ Web Page
Download Page

Server Core – Windows Server 2008 with no GUI

AND that’s a good thing!

Windows Server 2008 – Server Core is essentially Windows Server 2008 (Longhorn) without a GUI – think of it as Linux at run level 3 i.e. with no X window such as KDE, Gnome or other Linux windows managers.
This is something that I have always questioned since NT 4.0, why do we have all of this GUI bloat when the server is a File and Print or DHCP or AD!! It’s always been a scary thing when you see Administrators using a server to do workstation related work, such as browse the web to download a driver for the server because they are too lazy to go back to their workstation and download it.

Well with Server Core we can now use a server without a GUI to perform the following roles:

  • Active Directory Domain Services
  • Active Directory Lightweight Directory Services (AD LDS)
  • Dynamic Host Configuration Protocol (DHCP) Server
  • DNS Server
  • File Services
  • Print Server
  • Streaming Media Services

The following optional features are also supported:

  • Microsoft Failover Cluster
  • Network Load Balancing
  • Subsystem for UNIX-based Applications
  • Windows Backup
  • Multipath I/O
  • Removable Storage Management
  • Windows Bitlocker Drive Encryption
  • Simple Network Management Protocol (SNMP)
  • Windows Internet Naming Service (WINS)
  • Telnet client
  • Quality of Service (QoS)

The advantages of using Server Core are endless, however some highlights are a reduction in maintenance, less disk space, lower hardware requirements and from a security stand point the attack surface is reduced substantially, remember there is no Browser nor can one be installed!

To manage Server Core you obviously use the command prompt, however you can and probably should manage Server Core from a remote machine e.g. a Vista workstation and that way you can use some GUI based tools such as DNS snap-in or AD snap-in. In addition there are a few scripts that Microsoft supply.

See my Quick Configuration Guide and Command Line Syntax Guide

Official Microsoft Website and links to guides:
Blog site
Server Core Forum
Official Step-By-Step Guide

Slip Stream Windows Server 2003 R2 Disk2

You can slip stream Windows Server 2003 Disk 1 with tools such as AutoStreamer or use the official method of slip streaming a Service Pack into installation media.

However when you install Windows Server 2003 R2 it will ask for disk 2 which cannot be slipstreamed and will also state that this version of Windows is unsupported.

The solution to this problem is is very simple:

  1. Copy the contents of the R2 disk2 to a temp folder on your hard drive
  2. Navigate to the CMPNENTSR2 folder
  3. Edit the file R2INTL.INF with notepad or your favourite text editor
  4. Change the line R2SPLevel = 1 to R2SPLevel = 2
  5. Save the file and close your text editor

Burn the contents onto a CD and you will now be able to install with the slipstreamed CD.
Note: In addition to this you could always just copy the contents to a network share.